Virtual Private Network

End to End Security

The term virtual network suggests to most people protected, even private, connections over generally accessible networks. It also implies any number of transport media: ISDN, analog telephone networks (PSTN), mobile wireless networks (GSM, GPRS, UMTS), xDSL, or the Internet.

VPN technology took on additional significance with the use of the Internet for data transmission. Important reasons are its price and network structure. The Internet is available worldwide, which makes it possible to dial in to the nearest Point of Presence (PoP) for the cost of a local call and so obtain cost-effective connections. Thus in a VPN, expensive leased lines are replaced with a sort of virtual leased line. The basic technology employed is called tunneling. The term "tunneling" graphically connotes a process that encloses the data packet payload within an envelope, which then receives a new header and is sent over any network. The source and destination addresses of the original IP packet cannot be traced. This concept has been proven and has been implemented for some time.

IP data packets do not have any special security mechanisms. They are unprotected against eavesdropping, manipulation, destruction, etc. Also, the recipient cannot be sure that the message really originated from the designated sender. Hence it is necessary to integrate security features in VPN tunneling technology.
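The envelope and the missing protection described above, shown as an added example that is not part of the original page: plain IP-in-IP encapsulation in Python, where a payload byte altered in transit passes the tunnel exit undetected because the IP header checksum covers only the header. The addresses, payload and function names are constructed for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 encapsulation

def checksum(header: bytes) -> int:
    """Internet checksum (RFC 1071) over an even-length IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prefix payload with a minimal 20-byte IPv4 header (no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); reject a bad header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[ihl:])

def encapsulate(inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel entry: the original packet becomes the payload of a new packet."""
    return ipv4_packet(gw_src, gw_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: strip the outer header and hand back the original packet."""
    _, _, proto, inner = parse_ipv4(outer)
    if proto != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return inner

# Constructed sample: private hosts behind two gateways (documentation ranges).
# Protocol 253 is reserved for experimentation; the payload is opaque bytes.
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", 253, b"amount=100")
TUNNEL = encapsulate(INNER, "198.51.100.1", "203.0.113.1")

# In transit: one payload byte changes. Nothing in plain IP covers the payload.
TAMPERED = TUNNEL[:-1] + b"9"

if __name__ == "__main__":
    print("outer header:", parse_ipv4(TUNNEL)[:3])
    print("after clean transit:", parse_ipv4(decapsulate(TUNNEL)))
    print("after altered transit:", parse_ipv4(decapsulate(TAMPERED)))
```

Both header checksums still verify on the altered packet, so the receiving gateway has no signal that the content changed; detecting that requires the integrity and authentication features the following approaches add.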

Basically there are two approaches to make VPNs highly secure:

1. Extend the usual Layer 2 tunneling method with security features (Hybrid process)
2. Implement a Layer 3 tunneling process in which all security negotiations are already firmly integrated.

According to the OSI reference model there are basically two types of tunneling protocol standards and a combination of the two. These are:

1. Layer 2 Tunneling with the protocols L2F (Layer 2 Forwarding) and L2TP (Layer 2 Tunneling Protocol)
2. Layer 3 Tunneling with the specifications according to IPSec (IP Security)
3. Hybrid process: IPSec over L2TP, SSL over L2TP (L2Sec)